With help from igorsky I'm about ready to release a firmware flasher that works via the SD/MS card slot. I picked up a fresh new Reader today and I'm using it as the test subject.

Question to the rest of you: is Sony right to be worried? Is someone going to use the technology to break the DRM? I enjoy being able to buy reasonably fresh main stream ebooks and I'm not interested in producing and releasing a tool that results in the destruction of that ability.

Yeah, it would have been much easier to disassemble CONNECT, step through it with a Windows debugger and try to break the DRM that way. If they used strong encryption like they do with firmware update, this process would have been rather futile any way though, wouldn't it.

I don't see what point breaking the DRM in the Reader itself would even have -- it's not like the Reader really has an output mechanism. I suppose you could download the 'broken' files back to your computer, but why would anyone bother? Somebody might try it just to say they did it, but I think igorsk and porkupan have the nub of it: if somebody breaks the Connect DRM it will be done on a more versatile (not to mention powerful) piece of hardware than the Reader itself.

I just don't see that being able to (re)flash the Reader would make much difference in the matter either way.

One of the easiest ways to "break" the DRM would be to write an app that automates the connect software and does window captures to bitmaps, then runs OCR on those. That wouldn't require any crypto smarts or reverse engineering, and any half-dencent Windows programmer could do it in a few hours (assuming they had some OCR software to use). Taking the firmware route (or attacking the desktop software) may result in a class break but its much harder to do, especially the firmware route (just contrast the number of people who can read x86 disassembly with symbolic debug info available for many of the DLLs with the number that can read ARM assembly).

P.S. No - this doesn't mean I/we like DRM. But let's please not turn this into yet another DRM bashing thread. That's a separate topic that needs a separate thread.

How about a DRM-praising thread?

DRM is actually a necessary and potentially good technology if it ever gets done right. I think its fair for a content creator to be paid by each consumer, but the media costs should be borne only once, and all costs other than the royalties should be transferable along with ownership. Unfortunately the people who inflict the DRM are not the content creators, but the middlemen - exactly the people who should be cut out of the deal when ownership is transferred. As a result, DRM currently is focused on preventing transfer of ownership, rather than encouraging it (and the latter, if done properly, would actually maximize the revenue accrued to the content creator).

Amazon and Fictionwise have both proven to me that some merchants can't be trusted with DRM, they've both ripped me off.

The first Reader DRM attack I'd think people would sell out Sony for would be to allow the Reader to be attached to multiple CONNECT accounts so people could "lend" ebooks purchased from the Sony CONNECT store.

I think that being able to flash the reader will work somewhat akin to rockbox on ipod. Custom firmware might be enabled, but it will be limited to enthusiasts.

Quote:

The first Reader DRM attack I'd think people would sell out Sony for would be to allow the Reader to be attached to multiple CONNECT accounts so people could "lend" ebooks purchased from the Sony CONNECT store.

It's already limited to two sony readers attached to the same account, not any two accounts that can share books.

It's already limited to two sony readers attached to the same account....

Um ... no it's not. You can have a maximum of 5 Readers on a single account, if you're willing to only have 1 PC on the account -- the limit is 6 devices per account, with both Readers and PCs counting as "devices."

What you can't do is have a single "device" (be it Reader or PC) on more than one account, that's the sort of 'hack' that scotty1024 is theorizing might be attractive to the average person.

Not only 6 devices but you have to connect the device to Sony's Connect store to de-authorize it. My main computer's primary hard drive recently crashed. Sony sees the same computer with a new hard drive as a new device. However I can't use that device to "de-authorise" it because it no longer works. Sony says they de-authorized it but it still shows as one of my devices. Go figure! At this rate, we will all eventually have only our reader that is usable and also authorized.

My main computer's primary hard drive recently crashed. <snip> Sony says they de-authorized it but it still shows as one of my devices.

I had a PC crash the first week of January, and hit the same problem, however, when I called the number they de-authed the old PC just fine and it dropped off my devices list. Maybe you ought to try calling them again, it sounds like it didn't go through correctly. I agree, though, that's frustrating.